build(deps): bump actions/attest-build-provenance from 1 to 2 #1409
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Interoperability tests | |
on: [push, repository_dispatch] | |
jobs: | |
build-rage: | |
name: Build rage | |
runs-on: ubuntu-latest | |
steps: | |
- name: Create FiloSottile/age status | |
if: always() && github.event.action == 'age-interop-request' | |
run: | | |
curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \ | |
-H 'Accept: application/vnd.github.everest-preview+json' \ | |
-H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \ | |
--data '{"state": "pending", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "In progress", "context": "Interoperability tests / Build rage"}' | |
- uses: actions/checkout@v4 | |
- name: cargo build | |
run: cargo build --release --features unstable | |
working-directory: ./rage | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: rage | |
path: | | |
target/release/rage | |
target/release/rage-keygen | |
- name: Update FiloSottile/age status with result | |
if: always() && github.event.action == 'age-interop-request' | |
run: | | |
curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \ | |
-H 'Accept: application/vnd.github.everest-preview+json' \ | |
-H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \ | |
--data '{"state": "${{ job.status }}", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "Finished", "context": "Interoperability tests / Build rage"}' | |
build-age: | |
name: Build age | |
runs-on: ubuntu-latest | |
steps: | |
- name: Create FiloSottile/age status | |
if: always() && github.event.action == 'age-interop-request' | |
run: | | |
curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \ | |
-H 'Accept: application/vnd.github.everest-preview+json' \ | |
-H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \ | |
--data '{"state": "pending", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "In progress", "context": "Interoperability tests / Build age"}' | |
- name: Set up Go 1.19 | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.19 | |
id: go | |
- name: Use specified FiloSottile/age commit | |
if: github.event.action == 'age-interop-request' | |
run: echo "AGE_REF=${{ github.event.client_payload.sha }}" >> $GITHUB_ENV | |
- name: Use FiloSottile/age current main | |
if: github.event.action != 'age-interop-request' | |
run: echo "AGE_REF=refs/heads/main" >> $GITHUB_ENV | |
- name: Check out FiloSottile/age | |
uses: actions/checkout@v4 | |
with: | |
repository: FiloSottile/age | |
ref: ${{ env.AGE_REF }} | |
path: go-age/age | |
- name: go build | |
run: | | |
cd $GITHUB_WORKSPACE/go-age/age | |
go build filippo.io/age/cmd/age | |
go build filippo.io/age/cmd/age-keygen | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: age | |
path: | | |
go-age/age/age | |
go-age/age/age-keygen | |
- name: Update FiloSottile/age status with result | |
if: always() && github.event.action == 'age-interop-request' | |
run: | | |
curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \ | |
-H 'Accept: application/vnd.github.everest-preview+json' \ | |
-H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \ | |
--data '{"state": "${{ job.status }}", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "Finished", "context": "Interoperability tests / Build age"}' | |
test: | |
name: ${{ matrix.alice }} -> ${{ matrix.bob }} [${{ matrix.recipient }}] | |
runs-on: ubuntu-latest | |
needs: [build-rage, build-age] | |
strategy: | |
matrix: | |
alice: [rage, age] | |
bob: [rage, age] | |
recipient: [x25519, ssh-rsa, ssh-ed25519] | |
fail-fast: false | |
steps: | |
- name: Create FiloSottile/age status | |
if: always() && github.event.action == 'age-interop-request' | |
run: | | |
curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \ | |
-H 'Accept: application/vnd.github.everest-preview+json' \ | |
-H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \ | |
--data '{"state": "pending", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "In progress", "context": "Interoperability tests / ${{ matrix.alice }} -> ${{ matrix.bob }} [${{ matrix.recipient }}]"}' | |
# Download the binaries to test | |
- uses: actions/download-artifact@v4 | |
with: | |
name: rage | |
- uses: actions/download-artifact@v4 | |
with: | |
name: age | |
- run: chmod +x rage | |
- run: chmod +x rage-keygen | |
- run: chmod +x age | |
- run: chmod +x age-keygen | |
# Prepare the test environment | |
- name: Install dos2unix for simulating Windows files | |
run: sudo apt update && sudo apt install dos2unix | |
- name: Write (very not private) age X25519 key | |
if: matrix.recipient == 'x25519' | |
run: echo "AGE-SECRET-KEY-1TRYTV7PQS5XPUYSTAQZCD7DQCWC7Q77YJD7UVFJRMW4J82Q6930QS70MRX" >key.txt | |
- name: Save the corresponding age x25519 recipient | |
if: matrix.recipient == 'x25519' | |
run: echo "age1y8m84r6pwd4da5d45zzk03rlgv2xr7fn9px80suw3psrahul44ashl0usm" >key.txt.pub | |
- name: Set the corresponding age x25519 recipient | |
if: matrix.recipient == 'x25519' | |
run: echo "AGE_PUBKEY=-r age1y8m84r6pwd4da5d45zzk03rlgv2xr7fn9px80suw3psrahul44ashl0usm" >> $GITHUB_ENV | |
- name: Generate an ssh-rsa key | |
if: matrix.recipient == 'ssh-rsa' | |
run: ssh-keygen -t rsa -N "" -f key.txt | |
- name: Generate an ssh-ed25519 key | |
if: matrix.recipient == 'ssh-ed25519' | |
run: ssh-keygen -t ed25519 -N "" -f key.txt | |
- name: Set the corresponding SSH recipient | |
if: matrix.recipient == 'ssh-rsa' || matrix.recipient == 'ssh-ed25519' | |
run: echo "AGE_PUBKEY=-R key.txt.pub" >> $GITHUB_ENV | |
- name: Store key.txt in case we need it | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_key.txt | |
path: key.txt | |
# Tests! | |
- name: Encrypt to file | |
run: echo "Test string" | ./${{ matrix.alice }} -o test.age $AGE_PUBKEY | |
- name: Decrypt from file | |
run: ./${{ matrix.bob }} -d -i key.txt test.age | grep -q "^Test string$" | |
- name: Store test.age | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test.age | |
path: test.age | |
- name: Generate a file to encrypt | |
run: echo "2 test 2 string" > test2.txt | |
- name: Encrypt to ASCII-armored file | |
run: ./${{ matrix.alice }} -a -o test2.age $AGE_PUBKEY test2.txt | |
- name: Decrypt from ASCII-armored file | |
run: ./${{ matrix.bob }} -d -i key.txt test2.age | grep -q "^2 test 2 string$" | |
- name: Store test2.age | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test2.age | |
path: test2.age | |
- name: Convert file to CRLF | |
run: unix2dos test2.age | |
- name: Decrypt from ASCII-armored CRLF file | |
run: ./${{ matrix.bob }} -d -i key.txt test2.age | grep -q "^2 test 2 string$" | |
- name: Store CRLF-ed test2.age | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test2.age | |
path: test2.age | |
- name: Pipes! | |
run: echo "Test string 3 - ASCII Drift" | ./${{ matrix.alice }} $AGE_PUBKEY | tee --output-error=warn test3.age | ./${{ matrix.bob }} -d -i key.txt | grep -q "^Test string 3 - ASCII Drift$" | |
- name: Store test3.age | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test3.age | |
path: test3.age | |
- name: Explicit stdout during encryption | |
run: ./${{ matrix.alice }} -a -o - $AGE_PUBKEY test2.txt >test4.age | |
- name: Explicit stdin during decryption | |
run: cat test4.age | ./${{ matrix.bob }} -d -i key.txt - | grep -q "^2 test 2 string$" | |
- name: Store test4.age | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test4.age | |
path: test4.age | |
- name: Generate a file to encrypt | |
run: echo "Test 5" > test5.txt | |
- name: Encrypt to identity in a named pipe | |
run: ./${{ matrix.alice }} -e -i <(cat key.txt) -o test5.age test5.txt | |
- name: Decrypt with identity in a named pipe | |
run: ./${{ matrix.bob }} -d -i <(cat key.txt) test5.age | grep -q "^Test 5$" | |
- name: Store test5.age | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test5.age | |
path: test5.age | |
- name: Encrypt to recipient in standard input | |
run: cat key.txt.pub | ./${{ matrix.alice }} -e -R - -o test6.age test5.txt | |
- name: Decrypt with identity in standard input | |
run: cat key.txt | ./${{ matrix.bob }} -d -i - test6.age | grep -q "^Test 5$" | |
- name: Store test6.age | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test6.age | |
path: test6.age | |
- name: Keygen prevents overwriting an existing file | |
run: | | |
touch do_not_overwrite_key.txt | |
if $(./${{ matrix.alice }}-keygen -o do_not_overwrite_key.txt); then | |
false | |
else | |
true | |
fi | |
- name: Keygen supports conversion from stdin | |
run: ./${{ matrix.alice }}-keygen | ./${{ matrix.bob }}-keygen -y | |
- name: Keygen supports conversion from file | |
if: matrix.recipient == 'x25519' | |
run: ./${{ matrix.alice }}-keygen -y key.txt | |
- name: Update FiloSottile/age status with result | |
if: always() && github.event.action == 'age-interop-request' | |
run: | | |
curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \ | |
-H 'Accept: application/vnd.github.everest-preview+json' \ | |
-H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \ | |
--data '{"state": "${{ job.status }}", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "Finished", "context": "Interoperability tests / ${{ matrix.alice }} -> ${{ matrix.bob }} [${{ matrix.recipient }}]"}' |